07/03/2025

New Nacha Compliance Process: What Your Institution Needs to Do Now

Nacha is moving from a manual process to an automated system managed through the Risk Management Portal. The new procedure will allow Nacha to reach every financial institution and Third-Party Sender over a three-year period.

 Here’s What You Need to Know:

• Attestation requests will now come from donotreply@nacha-rmp.nacha.org. If your institution is selected, the subject line of the email will read:

Subject: ACH Rules Compliance Audit Attestation
From: donotreply@nacha-rmp.nacha.org

• Each request will include a link to the Risk Management Portal, where administrators must attest to audit completion and provide the date it was conducted.
• Third-Party Sender attestations will also be included, with financial institutions required to submit one attestation per TSP requested.
• Some institutions may be selected for a manual review and will be asked to provide additional documentation (e.g., audit summary, certificate, or cover letter).

Take These Steps Now:

• Ensure donotreply@nacha-rmp.nacha.org is whitelisted to prevent delivery issues.
• Log in to the Risk Management Portal to review and update administrator contacts. Remember, financial institutions may list up to six administrators.
• Remove outdated users and add current staff.

SFE remains a trusted and knowledgeable source to help you navigate the ACH landscape and regulatory requirements. 

Request a Customized Proposal Today